Gtbabel: Security Vulnerabilities
The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-03-10